Description
The iSherlock developed by HGiga has an OS Command Injection vulnerability, allowing unauthenticated local attackers to inject arbitrary OS commands and execute them on the server.
Published: 2026-04-16
Score: 9.3 Critical
EPSS: 3.0% Low
KEV: No
Impact: Command Injection
Action: Immediate Patch
AI Analysis

Impact

The vulnerability is an OS Command Injection that allows unauthenticated local attackers to inject and execute arbitrary OS commands on the server. This flaw grants full control over the underlying operating system, compromising confidentiality, integrity, and availability. The weakness is identified as a classic OS command injection (CWE‑78).

Affected Systems

The affected products are HGiga iSherlock‑audit versions 4.5 and 5.5, and HGiga iSherlock‑base versions 4.5 and 5.5. Any installation of these versions is susceptible to the exploit and must be reviewed for a patch.

Risk and Exploitability

The CVSS score of 9.3 places the vulnerability in the critical severity range. The EPSS score of 2% shows a low but non-zero exploitation probability. The vulnerability is not listed in the CISA KEV catalog, but the absence of a listing does not diminish the risk. The flaw requires local, unauthenticated access; an attacker with such access can run arbitrary commands, effectively gaining full control of the affected system. Prompt remediation is essential to mitigate this critical risk.

Generated by OpenCVE AI on April 28, 2026 at 16:23 UTC.

Remediation

Vendor Solution

  • Update iSherlock-base-4.5 package to version 476 or later
  • Update iSherlock-audit-4.5 package to version 261 or later
  • Update iSherlock-base-5.5 package to version 476 or later
  • Update iSherlock-audit-5.5 package to version 261 or later


OpenCVE Recommended Actions

  • Update iSherlock‑base 4.5 to version 476 or later
  • Update iSherlock‑audit 4.5 to version 261 or later
  • Update iSherlock‑base 5.5 to version 476 or later
  • Update iSherlock‑audit 5.5 to version 261 or later

Advisories

No advisories yet.

History

Fri, 24 Apr 2026 08:00:00 +0000

Type: Metrics
Values Removed: cvssV4_0 {'score': 10, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H'}
Values Added: cvssV3_1 {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}
Values Added: cvssV4_0 {'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


Thu, 16 Apr 2026 14:15:00 +0000

Type: Metrics
Values Removed: (none)
Values Added: ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 16 Apr 2026 09:30:00 +0000

Type: First Time appeared
Values Removed: (none)
Values Added: Hgiga; Hgiga isherlock-audit; Hgiga isherlock-base

Type: Vendors & Products
Values Removed: (none)
Values Added: Hgiga; Hgiga isherlock-audit; Hgiga isherlock-base

Thu, 16 Apr 2026 02:45:00 +0000

Type: Description
Values Removed: (none)
Values Added: The iSherlock developed by HGiga has an OS Command Injection vulnerability, allowing unauthenticated local attackers to inject arbitrary OS commands and execute them on the server.

Type: Title
Values Removed: (none)
Values Added: HGiga|iSherlock - OS Command Injection

Type: Weaknesses
Values Removed: (none)
Values Added: CWE-78

Type: References
Values Removed: (none)
Values Added: (none)

Type: Metrics
Values Removed: (none)
Values Added: cvssV4_0 {'score': 10, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H'}


MITRE

Status: PUBLISHED

Assigner: twcert

Published:

Updated: 2026-04-24T07:23:51.324Z

Reserved: 2026-04-15T11:32:29.759Z

Link: CVE-2026-6349

Vulnrichment

Updated: 2026-04-16T13:43:02.940Z

NVD

Status: Deferred

Published: 2026-04-16T03:16:30.660

Modified: 2026-05-19T15:52:30.143

Link: CVE-2026-6349

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T16:30:35Z

Weaknesses